admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:56:15 +00:00
parent 6e94c818ca
commit 9b6fe81b4e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3632 additions and 3632 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/1xxx/CVE-2002-1879.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020608 Security holes in LokwaBB and W-Agora",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html"
},
{
"name" : "http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt",
"refsource" : "MISC",
"url" : "http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt"
},
{
"name" : "4981",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4981"
},
{
"name" : "lokwa-bb-sql-injection(9318)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9318.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt"
},
{
"name": "lokwa-bb-sql-injection(9318)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9318.php"
},
{
"name": "20020608 Security holes in LokwaBB and W-Agora",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html"
},
{
"name": "4981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4981"
}
]
}
}

140
2002/1xxx/CVE-2002-1993.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020618 WebBBS 5.0 (andlater versions) vulnerable: allow commands execution via \"followup\" bug",
"refsource" : "BUGTRAQ",
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00232.html"
},
{
"name" : "5048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5048"
},
{
"name" : "webbs-followup-execute-commands(9378)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9378.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020618 WebBBS 5.0 (andlater versions) vulnerable: allow commands execution via \"followup\" bug",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00232.html"
},
{
"name": "webbs-followup-execute-commands(9378)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9378.php"
},
{
"name": "5048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5048"
}
]
}
}

350
2003/0xxx/CVE-2003-0020.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2"
},
{
"name" : "APPLE-SA-2004-05-03",
"refsource" : "APPLE",
"url" : "http://marc.info/?l=bugtraq&m=108369640424244&w=2"
},
{
"name" : "GLSA-200405-22",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200405-22.xml"
},
{
"name" : "SSRT4717",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=108731648532365&w=2"
},
{
"name" : "MDKSA-2003:050",
"refsource" : "MANDRAKE",
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050"
},
{
"name" : "MDKSA-2004:046",
"refsource" : "MANDRAKE",
"url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046"
},
{
"name" : "RHSA-2003:082",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-082.html"
},
{
"name" : "RHSA-2003:083",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-083.html"
},
{
"name" : "RHSA-2003:104",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-104.html"
},
{
"name" : "RHSA-2003:139",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html"
},
{
"name" : "RHSA-2003:243",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-243.html"
},
{
"name" : "RHSA-2003:244",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-244.html"
},
{
"name" : "SSA:2004-133",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643"
},
{
"name" : "57628",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1"
},
{
"name" : "101555",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1"
},
{
"name" : "2004-0017",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2004/0017"
},
{
"name" : "2004-0027",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2004/0027"
},
{
"name" : "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108437852004207&w=2"
},
{
"name" : "apache-esc-seq-injection(11412)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/11412.php"
},
{
"name" : "9930",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9930"
},
{
"name" : "oval:org.mitre.oval:def:150",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150"
},
{
"name" : "oval:org.mitre.oval:def:4114",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114"
},
{
"name" : "oval:org.mitre.oval:def:100109",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57628",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1"
},
{
"name": "RHSA-2003:243",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-243.html"
},
{
"name": "APPLE-SA-2004-05-03",
"refsource": "APPLE",
"url": "http://marc.info/?l=bugtraq&m=108369640424244&w=2"
},
{
"name": "101555",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1"
},
{
"name": "SSRT4717",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=108731648532365&w=2"
},
{
"name": "RHSA-2003:139",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-139.html"
},
{
"name": "2004-0027",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0027"
},
{
"name": "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108437852004207&w=2"
},
{
"name": "SSA:2004-133",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643"
},
{
"name": "RHSA-2003:244",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-244.html"
},
{
"name": "GLSA-200405-22",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-22.xml"
},
{
"name": "MDKSA-2003:050",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"
},
{
"name": "apache-esc-seq-injection(11412)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11412.php"
},
{
"name": "2004-0017",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0017"
},
{
"name": "oval:org.mitre.oval:def:150",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150"
},
{
"name": "MDKSA-2004:046",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046"
},
{
"name": "oval:org.mitre.oval:def:4114",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"name": "9930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9930"
},
{
"name": "RHSA-2003:083",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-083.html"
},
{
"name": "RHSA-2003:104",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-104.html"
},
{
"name": "oval:org.mitre.oval:def:100109",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109"
},
{
"name": "RHSA-2003:082",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-082.html"
}
]
}
}

170
2003/0xxx/CVE-2003-0609.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030729 Solaris ld.so.1 buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105951760418667&w=2"
},
{
"name" : "20030729 Buffer Overflow in Sun Solaris Runtime Linker",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/advisory/07.29.03.txt"
},
{
"name" : "55680",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55680"
},
{
"name" : "8722",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8722"
},
{
"name" : "oval:org.mitre.oval:def:3601",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3601"
},
{
"name" : "sun-ldso1-ldpreload-bo(12755)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030729 Solaris ld.so.1 buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105951760418667&w=2"
},
{
"name": "sun-ldso1-ldpreload-bo(12755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12755"
},
{
"name": "oval:org.mitre.oval:def:3601",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3601"
},
{
"name": "8722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8722"
},
{
"name": "55680",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55680"
},
{
"name": "20030729 Buffer Overflow in Sun Solaris Runtime Linker",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/advisory/07.29.03.txt"
}
]
}
}

120
2003/0xxx/CVE-2003-0801.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "A091503-1",
"refsource" : "ATSTAKE",
"url" : "http://www.atstake.com/research/advisories/2003/a091503-1.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "A091503-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a091503-1.txt"
}
]
}
}

130
2003/0xxx/CVE-2003-0861.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.php.net/release_4_3_3.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/release_4_3_3.php"
},
{
"name" : "http://www.php.net/ChangeLog-4.php#4.3.3",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-4.php#4.3.3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/release_4_3_3.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/release_4_3_3.php"
},
{
"name": "http://www.php.net/ChangeLog-4.php#4.3.3",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-4.php#4.3.3"
}
]
}
}

130
2003/1xxx/CVE-2003-1253.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html"
},
{
"name" : "bookmark4u-file-include(11009)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/11009.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bookmark4u-file-include(11009)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11009.php"
},
{
"name": "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html"
}
]
}
}

140
2003/1xxx/CVE-2003-1355.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030226 [VSA0307] Battlefield 1942 remote DoS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0342.html"
},
{
"name" : "6967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6967"
},
{
"name" : "battlefield-remoteconsole-username-dos(11426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6967"
},
{
"name": "20030226 [VSA0307] Battlefield 1942 remote DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0342.html"
},
{
"name": "battlefield-remoteconsole-username-dos(11426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11426"
}
]
}
}

140
2003/1xxx/CVE-2003-1428.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1428",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030210 Gallery 1.3.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/311161"
},
{
"name" : "6809",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6809"
},
{
"name" : "gallery-album-insecure-directory(11284)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6809"
},
{
"name": "20030210 Gallery 1.3.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/311161"
},
{
"name": "gallery-album-insecure-directory(11284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11284"
}
]
}
}

120
2003/1xxx/CVE-2003-1591.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
}
]
}
}

150
2004/0xxx/CVE-2004-0293.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0293",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040217 ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107703602707450&w=2"
},
{
"name" : "http://www.zone-h.org/en/advisories/read/id=3962/",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/en/advisories/read/id=3962/"
},
{
"name" : "shopcartcgi-dotdot-directory-traversal(14982)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14982"
},
{
"name" : "9670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shopcartcgi-dotdot-directory-traversal(14982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14982"
},
{
"name": "9670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9670"
},
{
"name": "http://www.zone-h.org/en/advisories/read/id=3962/",
"refsource": "MISC",
"url": "http://www.zone-h.org/en/advisories/read/id=3962/"
},
{
"name": "20040217 ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107703602707450&w=2"
}
]
}
}

140
2004/2xxx/CVE-2004-2181.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.maxpatrol.com/advdetails.asp?id=7",
"refsource" : "MISC",
"url" : "http://www.maxpatrol.com/advdetails.asp?id=7"
},
{
"name" : "http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html"
},
{
"name" : "11429",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11429"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html"
},
{
"name": "http://www.maxpatrol.com/advdetails.asp?id=7",
"refsource": "MISC",
"url": "http://www.maxpatrol.com/advdetails.asp?id=7"
},
{
"name": "11429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11429"
}
]
}
}

170
2004/2xxx/CVE-2004-2572.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as \"()\" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://members.lycos.co.uk/r34ct/main/ldaplib/ldaplib.php%20reveal%20local%20path%20of%20Winmail%203.6%20webmail%20directory.txt",
"refsource" : "MISC",
"url" : "http://members.lycos.co.uk/r34ct/main/ldaplib/ldaplib.php%20reveal%20local%20path%20of%20Winmail%203.6%20webmail%20directory.txt"
},
{
"name" : "http://www.magicwinmail.net/download/english-help.chm",
"refsource" : "CONFIRM",
"url" : "http://www.magicwinmail.net/download/english-help.chm"
},
{
"name" : "9786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9786"
},
{
"name" : "4118",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4118"
},
{
"name" : "11015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11015"
},
{
"name" : "magic-winmail-path-disclosure(15361)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as \"()\" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "magic-winmail-path-disclosure(15361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15361"
},
{
"name": "4118",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4118"
},
{
"name": "9786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9786"
},
{
"name": "11015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11015"
},
{
"name": "http://www.magicwinmail.net/download/english-help.chm",
"refsource": "CONFIRM",
"url": "http://www.magicwinmail.net/download/english-help.chm"
},
{
"name": "http://members.lycos.co.uk/r34ct/main/ldaplib/ldaplib.php%20reveal%20local%20path%20of%20Winmail%203.6%20webmail%20directory.txt",
"refsource": "MISC",
"url": "http://members.lycos.co.uk/r34ct/main/ldaplib/ldaplib.php%20reveal%20local%20path%20of%20Winmail%203.6%20webmail%20directory.txt"
}
]
}
}

180
2008/2xxx/CVE-2008-2545.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name" : "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource" : "CONFIRM",
"url" : "http://www.skype.com/security/skype-sb-2008-003.html"
},
{
"name" : "29553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29553"
},
{
"name" : "ADV-2008-1749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name" : "1020201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020201"
},
{
"name" : "30547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30547"
},
{
"name" : "skype-fileuri-case-security-bypass(43044)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name": "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
]
}
}

450
2012/0xxx/CVE-2012-0503.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
},
{
"name" : "DSA-2420",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2420"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBUX02757",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
},
{
"name" : "HPSBUX02760",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2"
},
{
"name" : "HPSBUX02777",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name" : "HPSBUX02784",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
},
{
"name" : "SSRT100779",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
},
{
"name" : "SSRT100805",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2"
},
{
"name" : "SSRT100854",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "SSRT100871",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2012:1080",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1080.html"
},
{
"name" : "RHSA-2012:0508",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name" : "RHSA-2012:0514",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0514.html"
},
{
"name" : "RHSA-2012:0702",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0702.html"
},
{
"name" : "SUSE-SU-2012:1013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html"
},
{
"name" : "SUSE-SU-2012:0881",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html"
},
{
"name" : "SUSE-SU-2012:0602",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name" : "SUSE-SU-2012:0603",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
},
{
"name" : "SUSE-SU-2012:0734",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html"
},
{
"name" : "52018",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52018"
},
{
"name" : "oval:org.mitre.oval:def:14813",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14813"
},
{
"name" : "48589",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48589"
},
{
"name" : "49198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49198"
},
{
"name" : "48692",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48692"
},
{
"name" : "48915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48915"
},
{
"name" : "48948",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48948"
},
{
"name" : "48950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48950"
},
{
"name" : "48073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48073"
},
{
"name" : "48074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48074"
},
{
"name": "HPSBUX02784",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
},
{
"name": "SUSE-SU-2012:1013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "SUSE-SU-2012:0881",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html"
},
{
"name": "48589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48589"
},
{
"name": "SSRT100805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2"
},
{
"name": "SUSE-SU-2012:0734",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html"
},
{
"name": "SUSE-SU-2012:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "SUSE-SU-2012:0603",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
},
{
"name": "48073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48073"
},
{
"name": "48950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48950"
},
{
"name": "48948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48948"
},
{
"name": "SSRT100871",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
},
{
"name": "48915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48915"
},
{
"name": "HPSBUX02757",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
},
{
"name": "52018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52018"
},
{
"name": "DSA-2420",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"name": "RHSA-2012:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0514",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0514.html"
},
{
"name": "oval:org.mitre.oval:def:14813",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14813"
},
{
"name": "RHSA-2012:1080",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1080.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name": "RHSA-2012:0702",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0702.html"
},
{
"name": "HPSBUX02760",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name": "SSRT100779",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
}
]
}
}

220
2012/0xxx/CVE-2012-0609.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2012-03-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2012-03-07-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2012-03-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name" : "52365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52365"
},
{
"name" : "79931",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/79931"
},
{
"name" : "oval:org.mitre.oval:def:17434",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17434"
},
{
"name" : "1026774",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026774"
},
{
"name" : "48274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48274"
},
{
"name" : "48288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48288"
},
{
"name" : "48377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48377"
},
{
"name" : "apple-webkit-cve20120609-code-execution(73828)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79931",
"refsource": "OSVDB",
"url": "http://osvdb.org/79931"
},
{
"name": "52365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52365"
},
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "apple-webkit-cve20120609-code-execution(73828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73828"
},
{
"name": "oval:org.mitre.oval:def:17434",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17434"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

140
2012/1xxx/CVE-2012-1676.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "1026953",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1026953",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026953"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/1xxx/CVE-2012-1868.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka \"Win32k.sys Race Condition Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-1868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-041",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041"
},
{
"name" : "TA12-164A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name" : "oval:org.mitre.oval:def:15647",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15647"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka \"Win32k.sys Race Condition Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-164A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name": "MS12-041",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041"
},
{
"name": "oval:org.mitre.oval:def:15647",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15647"
}
]
}
}

170
2012/4xxx/CVE-2012-4886.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "25140",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/25140"
},
{
"name" : "20130427 WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Apr/247"
},
{
"name" : "http://packetstormsecurity.com/files/121431/WPS-Office-Stack-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/121431/WPS-Office-Stack-Buffer-Overflow.html"
},
{
"name" : "59529",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/59529"
},
{
"name" : "92847",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/92847"
},
{
"name" : "wpsoffice-wpsio-bo(83862)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83862"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/121431/WPS-Office-Stack-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/121431/WPS-Office-Stack-Buffer-Overflow.html"
},
{
"name": "wpsoffice-wpsio-bo(83862)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83862"
},
{
"name": "92847",
"refsource": "OSVDB",
"url": "http://osvdb.org/92847"
},
{
"name": "59529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59529"
},
{
"name": "20130427 WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Apr/247"
},
{
"name": "25140",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/25140"
}
]
}
}

150
2012/5xxx/CVE-2012-5078.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-5078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
},
{
"name" : "SUSE-SU-2012:1398",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
},
{
"name" : "56066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56066"
},
{
"name" : "oval:org.mitre.oval:def:16308",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1398",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
},
{
"name": "56066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56066"
},
{
"name": "oval:org.mitre.oval:def:16308",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16308"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
}
]
}
}

140
2012/5xxx/CVE-2012-5151.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-5151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=165538",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=165538"
},
{
"name" : "oval:org.mitre.oval:def:16453",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16453"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=165538",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=165538"
},
{
"name": "oval:org.mitre.oval:def:16453",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16453"
}
]
}
}

130
2012/5xxx/CVE-2012-5803.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name" : "authorizedotnet-ubercart-ssl-spoofing(79948)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
}
]
}
}

150
2012/5xxx/CVE-2012-5893.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html"
},
{
"name" : "80768",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80768"
},
{
"name" : "48646",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48646"
},
{
"name" : "havalite-upload-file-upload(74486)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74486"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html"
},
{
"name": "80768",
"refsource": "OSVDB",
"url": "http://osvdb.org/80768"
},
{
"name": "havalite-upload-file-upload(74486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74486"
},
{
"name": "48646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48646"
}
]
}
}

140
2017/3xxx/CVE-2017-3067.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Experience Manager Forms 6.2, 6.1, 6.0",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Experience Manager Forms 6.2, 6.1, 6.0"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Experience Manager Forms 6.2, 6.1, 6.0",
"version": {
"version_data": [
{
"version_value": "Adobe Experience Manager Forms 6.2, 6.1, 6.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/aem-forms/apsb17-16.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/aem-forms/apsb17-16.html"
},
{
"name" : "98348",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98348"
},
{
"name" : "1038428",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/aem-forms/apsb17-16.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb17-16.html"
},
{
"name": "98348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98348"
},
{
"name": "1038428",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038428"
}
]
}
}

140
2017/3xxx/CVE-2017-3089.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Digital Editions 4.5.4 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Digital Editions 4.5.4 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Digital Editions 4.5.4 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Digital Editions 4.5.4 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html"
},
{
"name" : "99020",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99020"
},
{
"name" : "1038658",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99020"
},
{
"name": "1038658",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038658"
},
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html"
}
]
}
}

140
2017/3xxx/CVE-2017-3104.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe RoboHelp RH2017.0.1 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe RoboHelp RH2017.0.1 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe RoboHelp RH2017.0.1 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe RoboHelp RH2017.0.1 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/robohelp/apsb17-25.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/robohelp/apsb17-25.html"
},
{
"name" : "100707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100707"
},
{
"name" : "1039319",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039319"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100707"
},
{
"name": "1039319",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039319"
},
{
"name": "https://helpx.adobe.com/security/products/robohelp/apsb17-25.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/robohelp/apsb17-25.html"
}
]
}
}

132
2017/3xxx/CVE-2017-3619.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Automatic Service Request (ASR)",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.7"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Automatic Service Request (ASR) accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Automatic Service Request (ASR) accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automatic Service Request (ASR)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97771",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Automatic Service Request (ASR) accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Automatic Service Request (ASR) accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "97771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97771"
}
]
}
}

152
2017/3xxx/CVE-2017-3631.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42270",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42270/"
},
{
"name" : "45625",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45625/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html"
},
{
"name" : "99151",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99151"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45625",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45625/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html"
},
{
"name": "99151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99151"
},
{
"name": "42270",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42270/"
}
]
}
}

34
2017/6xxx/CVE-2017-6083.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6083",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6083",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

136
2017/6xxx/CVE-2017-6131.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"ID" : "CVE-2017-6131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP Azure cloud instance",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 to 12.1.2"
},
{
"version_value" : "13.0.0"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "default administrative password"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2017-6131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP Azure cloud instance",
"version": {
"version_data": [
{
"version_value": "12.0.0 to 12.1.2"
},
{
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K61757346",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K61757346"
},
{
"name" : "1038569",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "default administrative password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K61757346",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61757346"
},
{
"name": "1038569",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038569"
}
]
}
}

130
2017/6xxx/CVE-2017-6647.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Remote Expert Manager",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Remote Expert Manager"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Remote Expert Manager",
"version": {
"version_data": [
{
"version_value": "Cisco Remote Expert Manager"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7"
},
{
"name" : "98538",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7"
},
{
"name": "98538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98538"
}
]
}
}

170
2017/7xxx/CVE-2017-7023.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207922",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207922"
},
{
"name" : "https://support.apple.com/HT207923",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207923"
},
{
"name" : "https://support.apple.com/HT207924",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207924"
},
{
"name" : "https://support.apple.com/HT207925",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207925"
},
{
"name" : "99883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99883"
},
{
"name" : "1038950",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038950"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207924",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207924"
},
{
"name": "https://support.apple.com/HT207925",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207925"
},
{
"name": "https://support.apple.com/HT207923",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207923"
},
{
"name": "99883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99883"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038950"
},
{
"name": "https://support.apple.com/HT207922",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207922"
}
]
}
}

266
2017/7xxx/CVE-2017-7801.json
View File

@ -1,135 +1,135 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.3"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.3"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "55"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free with marquee during window resizing"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.3"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.3"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "55"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1371259",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1371259"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-19/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-19/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-20/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-20/"
},
{
"name" : "DSA-3928",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3928"
},
{
"name" : "DSA-3968",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3968"
},
{
"name" : "GLSA-201803-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201803-14"
},
{
"name" : "RHSA-2017:2456",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2456"
},
{
"name" : "RHSA-2017:2534",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2534"
},
{
"name" : "100197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100197"
},
{
"name" : "1039124",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free with marquee during window resizing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-19/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-19/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-20/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-20/"
},
{
"name": "DSA-3968",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3968"
},
{
"name": "100197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100197"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-18/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-18/"
},
{
"name": "RHSA-2017:2456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2456"
},
{
"name": "RHSA-2017:2534",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2534"
},
{
"name": "1039124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039124"
},
{
"name": "GLSA-201803-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201803-14"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1371259",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1371259"
},
{
"name": "DSA-3928",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3928"
}
]
}
}

130
2017/7xxx/CVE-2017-7877.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/flatCore/flatCore-CMS/issues/27",
"refsource" : "CONFIRM",
"url" : "https://github.com/flatCore/flatCore-CMS/issues/27"
},
{
"name" : "97709",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97709"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flatCore/flatCore-CMS/issues/27",
"refsource": "CONFIRM",
"url": "https://github.com/flatCore/flatCore-CMS/issues/27"
},
{
"name": "97709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97709"
}
]
}
}

122
2017/8xxx/CVE-2017-8182.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nice-AL00",
"version" : {
"version_data" : [
{
"version_value" : "Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memory out-of-bound read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bound read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nice-AL00",
"version": {
"version_data": [
{
"version_value": "Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memory out-of-bound read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bound read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en"
}
]
}
}

34
2017/8xxx/CVE-2017-8407.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8407",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8407",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2017/8xxx/CVE-2017-8502.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, and Microsoft Excel 2016.",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Office"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8501."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, and Microsoft Excel 2016.",
"version": {
"version_data": [
{
"version_value": "Microsoft Office"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8502",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8502"
},
{
"name" : "99442",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99442"
},
{
"name" : "1038851",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8501."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038851",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038851"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8502",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8502"
},
{
"name": "99442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99442"
}
]
}
}

150
2017/8xxx/CVE-2017-8731.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42758",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42758/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731"
},
{
"name" : "100735",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100735"
},
{
"name" : "1039326",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42758",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42758/"
},
{
"name": "1039326",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039326"
},
{
"name": "100735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100735"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731"
}
]
}
}

120
2018/10xxx/CVE-2018-10211.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified \"vaultize_session_id\" value in a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10211/",
"refsource" : "MISC",
"url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10211/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified \"vaultize_session_id\" value in a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10211/",
"refsource": "MISC",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10211/"
}
]
}
}

34
2018/10xxx/CVE-2018-10273.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10273",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10273",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/10xxx/CVE-2018-10330.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10330",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10330",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/10xxx/CVE-2018-10634.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-08T00:00:00",
"ID" : "CVE-2018-10634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Medtronic insulin pump",
"version" : {
"version_data" : [
{
"version_value" : "MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-08T00:00:00",
"ID": "CVE-2018-10634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic insulin pump",
"version": {
"version_data": [
{
"version_value": "MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
},
{
"name" : "105044",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
},
{
"name": "105044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105044"
}
]
}
}

130
2018/13xxx/CVE-2018-13416.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45133",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45133/"
},
{
"name" : "20180731 Out-of-Band XXE in Universal Media Server's SSDP Processing",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/94"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45133",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45133/"
},
{
"name": "20180731 Out-of-Band XXE in Universal Media Server's SSDP Processing",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/94"
}
]
}
}

130
2018/13xxx/CVE-2018-13466.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crystals",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crystals"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crystals",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crystals"
}
]
}
}

120
2018/17xxx/CVE-2018-17008.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_04/README.md",
"refsource" : "MISC",
"url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_04/README.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_04/README.md",
"refsource": "MISC",
"url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_04/README.md"
}
]
}
}

34
2018/17xxx/CVE-2018-17202.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17202",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17202",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17308.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17308",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17308",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/17xxx/CVE-2018-17382.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45469",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45469/"
},
{
"name" : "http://packetstormsecurity.com/files/149524/Joomla-Jobs-Factory-2.0.4-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149524/Joomla-Jobs-Factory-2.0.4-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/149524/Joomla-Jobs-Factory-2.0.4-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149524/Joomla-Jobs-Factory-2.0.4-SQL-Injection.html"
},
{
"name": "45469",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45469/"
}
]
}
}

34
2018/17xxx/CVE-2018-17748.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17748",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17748",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

144
2018/9xxx/CVE-2018-9071.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9071",
"STATE" : "PUBLIC",
"TITLE" : "CMM Security Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chassis Management Module (CMM)",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "2.0.0"
}
]
}
}
]
},
"vendor_name" : "Lenovo"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9071",
"STATE": "PUBLIC",
"TITLE": "CMM Security Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chassis Management Module (CMM)",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.0.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-23806",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-23806"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Update to CMM v 2.0.0 or higher"
}
],
"source" : {
"advisory" : "LEN-23806",
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23806",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23806"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to CMM v 2.0.0 or higher"
}
],
"source": {
"advisory": "LEN-23806",
"discovery": "INTERNAL"
}
}

182
2018/9xxx/CVE-2018-9080.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9080",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Session fixation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9080",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}

34
2018/9xxx/CVE-2018-9316.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9316",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9312. Reason: This candidate is a reservation duplicate of CVE-2018-9312. Notes: All CVE users should reference CVE-2018-9312 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-9316",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9312. Reason: This candidate is a reservation duplicate of CVE-2018-9312. Notes: All CVE users should reference CVE-2018-9312 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2018/9xxx/CVE-2018-9317.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9317",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9313. Reason: This candidate is a reservation duplicate of CVE-2018-9313. Notes: All CVE users should reference CVE-2018-9313 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-9317",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9313. Reason: This candidate is a reservation duplicate of CVE-2018-9313. Notes: All CVE users should reference CVE-2018-9313 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}